CVE-2005-2149

5 documents, 5 sources
Severity
10.0 CRITICAL
EPSS
1.3%
top 20.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 6
Latest update: May 1

Description

config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (2 packages)

Debian: cacti < 0.8.6f-1+3
NVD: the_cacti_group/cacti, 15 versions +14

Patches

🔴 Vulnerability Details

3
GHSA
GHSA-r2fr-8m3m-rwqg: config (2022-05-01)
CVEList
CVE-2005-2149: config (2005-07-06)
OSV
CVE-2005-2149: config (2005-07-06)

📋 Vendor Advisories

1
Debian
CVE-2005-2149: cacti - config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_htt... (2005)